Opera: RSA signature forgery
— GLSA 200609-18

Affected Packages

Package: www-client/opera on all architectures

Affected versions: < 9.02

Unaffected versions: >= 9.02

Background

Opera is a multi-platform web browser.

Description

Opera makes use of OpenSSL, which fails to correctly verify PKCS #1
v1.5 RSA signatures signed by a key with exponent 3. Some CAs in
Opera's list of trusted signers are using root certificates with
exponent 3.

Impact

An attacker could forge certificates which will appear valid and signed
by a trusted CA.